<?php
	require("../inc/functions.php");
	require("../inc/authorize.php");
	$stat = authorize();
	if($stat != 0) {
		header("Location: index.php?l=$stat"); /* gick inte */
		exit ();
	}


	  //Browser ska inte cache
	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");


	$SERVICE_DIR = '../services/';
	
    // Check data
	if ( !isset($_GET['s']) || !isset($_GET['f']) ){
		die("\n\n\n");
	}
	$unsafe_s = $_GET['s'];
	$unsafe_f = $_GET['f'];

	  // Check, service (s)
	$dirarr = scandir($SERVICE_DIR);
	$hitt = array_search($unsafe_s, $dirarr);
	if ( $hitt === false )
		die("\nNot found");
	$hitt = $dirarr[$hitt];
	if ( $hitt == '.' || $hitt == '..' )
		die("\nNot found");
	if ( !is_dir($SERVICE_DIR.$hitt) )
                die("\nNot found");
	$safe_s = $hitt;
	
	  // Check, file (f)
	$dirarr = scandir($SERVICE_DIR.$safe_s.'/public/');
        unset($dirarr['.']);
        unset($dirarr['..']);
	$hitt = array_search($unsafe_f, $dirarr);
        if ( $hitt === false )
                die("\nNot found");
	if ( $hitt == '.' || $hitt == '..' )
		die("\nNot found");
	$hitt = $dirarr[$hitt];
        if ( !is_file($SERVICE_DIR.$safe_s.'/public/'.$hitt) )
                die("\nNot found");
	$safe_f = $hitt;


    // Data OK, send file
	$mime = mime_content_type( $SERVICE_DIR.$safe_s.'/public/'.$safe_f );
	header("Content-type: $mime");

	$file = $_GET['f'];
	if( $mime == "text/plain" || $mime == "text/html"|| $mime == "text/x-php") {
		  //Browser ska inte cache
		header("Cache-Control: no-cache, must-revalidate");
		header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
		require($SERVICE_DIR.$safe_s.'/public/'.$safe_f);
	}
	else {
		readfile($SERVICE_DIR.$safe_s.'/public/'.$safe_f);
	}
?>


